Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. CompTIA
  5. CAS-004

CompTIA CAS-004 Exam
CompTIA Advanced Security Practitioner (CASP+) CAS-004 (Page 25 )

Updated On: 7-Feb-2026
Page 25 of 127
PDF with 645 Questions

An organization that provides a SaaS solution recently experienced an incident involving customer data loss. The system has a level of self-healing that includes monitoring performance and available resources. When the system detects an issue, the self-healing process is supposed to restart parts of the software.
During the incident, when the self-healing system attempted to restart the services, available disk space on the data drive to restart all the services was inadequate. The self-healing system did not detect that some services did not fully restart and declared the system as fully operational.
Which of the following BEST describes the reason why the silent failure occurred?

  1. The system logs rotated prematurely.
  2. The disk utilization alarms are higher than what the service restarts require.
  3. The number of nodes in the self-healing cluster was healthy.
  4. Conditional checks prior to the service restart succeeded.

Answer(s): B



A security consultant needs to set up wireless security for a small office that does not have Active Directory. Despite the lack of central account management, the office manager wants to ensure a high level of defense to prevent brute-force attacks against wireless authentication.
Which of the following technologies would BEST meet this need?

  1. Faraday cage
  2. WPA2 PSK
  3. WPA3 SAE
  4. WEP 128 bit

Answer(s): C



An attack team performed a penetration test on a new smart card system. The team demonstrated that by subjecting the smart card to high temperatures, the secret key could be revealed.
Which of the following side-channel attacks did the team use?

  1. Differential power analysis
  2. Differential fault analysis
  3. Differential temperature analysis
  4. Differential timing analysis

Answer(s): B


Reference:

https://www.hitachi-hightech.com/global/products/science/tech/ana/thermal/descriptions/dta.html



A security compliance requirement states that specific environments that handle sensitive data must be protected by need-to-know restrictions and can only connect to authorized endpoints. The requirement also states that a DLP solution within the environment must be used to control the data from leaving the environment.
Which of the following should be implemented for privileged users so they can support the environment from their workstations while remaining compliant?

  1. NAC to control authorized endpoints
  2. FIM on the servers storing the data
  3. A jump box in the screened subnet
  4. A general VPN solution to the primary network

Answer(s): C



A networking team was asked to provide secure remote access to all company employees. The team decided to use client-to-site VPN as a solution. During a discussion, the Chief Information Security Officer raised a security concern and asked the networking team to route the Internet traffic of remote users through the main office infrastructure. Doing this would prevent remote users from accessing the Internet through their local networks while connected to the VPN.
Which of the following solutions does this describe?

  1. Full tunneling
  2. Asymmetric routing
  3. SSH tunneling
  4. Split tunneling

Answer(s): A






Post your Comments and Discuss CompTIA CAS-004 exam prep with other Community members:

Join the CAS-004 Discussion